Since November, the U.S. Health and Human Services Department has collected more than $16 million in settlements from just five electronic patient data breaches. It is clear that inadequate cybersecurity practices, specifically in the healthcare sector, are becoming exponentially more expensive, especially when comparing post-breach costs to investing in cybersecurity on the front end. Just this week, Advocate Health Care dished out $5.55 million in settlements for multiple Health Insurance Portability and Accountability Act (HIPAA) violations related to electronic protected health information (ePHI). While this recent settlement is the largest to date, Bill Ho, CEO of Biscom, said the costs will only increase as more opportunities for huge settlements and fines surface in the future due to stronger enforcement of HIPAA-related penalties.
While this will ideally lead to healthcare providers making major changes in order to comply with the law, significant changes will certainly take time. The fact that three of the largest healthcare data breaches occurred in 2015 further shows that the sector is falling behind as cybercriminals constantly explore new methods to increase the size and volume of their attacks. So, what’s expected for 2016? Certainly more data breaches leading to more fines, as the healthcare sector continues to fall short in terms of cybersecurity.